Martin Willi
|
c636bc7e17
|
Cleanup library if daemon initialization fails
|
2009-12-03 08:00:43 +01:00 |
Martin Willi
|
65c8bff7a1
|
To build strongSwan from git sources, gettext is required
|
2009-12-02 11:49:11 +01:00 |
Martin Willi
|
376a11db3c
|
Do not install invalid 0.0.0.0 DNS servers
|
2009-12-01 15:46:56 +01:00 |
Martin Willi
|
5b4d0de7d4
|
Prefer EAP-Identity for provider attribute/address lookup
|
2009-12-01 14:24:07 +01:00 |
Martin Willi
|
f6116e61fc
|
Save EAP-Identity on auth config
|
2009-12-01 14:24:06 +01:00 |
Martin Willi
|
44ce749360
|
Store completed authentication rounds permanently on IKE_SA, with flush option
|
2009-12-01 11:35:30 +01:00 |
Martin Willi
|
5b2b4d190a
|
Removed obsolete and unused [gs]et_eap_identity() methods
|
2009-11-30 16:59:23 +01:00 |
Martin Willi
|
5351e51951
|
Do not propose transport mode as initiator if connection is NATed
|
2009-11-30 11:32:26 +01:00 |
Martin Willi
|
bff9f824ed
|
Verify EAP-SIM/AKA AT_MAC before processing any attributes
|
2009-11-30 10:00:06 +01:00 |
Martin Willi
|
b04e72c21c
|
SIM/AKA/Request/Reauthentication AT_MAC does not include NONCE_S, only the response
|
2009-11-30 09:27:39 +01:00 |
Martin Willi
|
5a91fd4536
|
Invoke attribute/key hooks from libsimaka
|
2009-11-30 09:27:34 +01:00 |
Martin Willi
|
8434c88b5e
|
Extended SIM manager by hooks, currently featuring attribute and key hooks
|
2009-11-30 09:27:26 +01:00 |
Martin Willi
|
fb1ae8da52
|
Added a get_sa() method to the bus, allowing a thread to lookup its IKE_SA
|
2009-11-30 09:27:14 +01:00 |
Martin Willi
|
c56d958243
|
Handle NOT_SUPPORTED or other errors properly in get_quintuplet
|
2009-11-30 09:26:35 +01:00 |
Andreas Steffen
|
7868162b35
|
added RFC-conforming ikev2/sha2 scenarios
|
2009-11-26 23:48:29 +01:00 |
Andreas Steffen
|
68db91ca32
|
adapted ikev2/alg-aes-xcbc scenario
|
2009-11-26 23:46:27 +01:00 |
Martin Willi
|
2b2c69e992
|
Use transport mode ESP SA if IPcomp is used, IPcomp already applies outer IP header
|
2009-11-26 16:03:06 +01:00 |
Martin Willi
|
52fd0ef9e0
|
Added NEWS about SHA2 changes
|
2009-11-26 10:39:26 +01:00 |
Martin Willi
|
6780edc07e
|
Use full algorithm name for SHA384/512 HMACs
|
2009-11-26 10:39:26 +01:00 |
Martin Willi
|
6546482a68
|
Support the Linux specific SHA256 96 bit truncation HMAC via "sha256_96" keyword
|
2009-11-26 10:39:25 +01:00 |
Martin Willi
|
eebfa73fd5
|
Install SHA256_128 auth algorithm with specified 128 bit truncation
|
2009-11-26 10:39:25 +01:00 |
Martin Willi
|
2379fdba1e
|
Updated XFRM linux header, includes specified truncations for auth algos
|
2009-11-26 10:39:25 +01:00 |
Martin Willi
|
5be75c2cb1
|
Added support for IPv6 source route installation
|
2009-11-26 10:31:00 +01:00 |
Martin Willi
|
387a6e6c32
|
Check existing path in mobike probing only if we still have a route
|
2009-11-26 10:30:59 +01:00 |
Andreas Steffen
|
4b55cf5d09
|
put identities in single quotes
|
2009-11-25 09:02:09 +01:00 |
Andreas Steffen
|
653da7c907
|
added more debugging in configuration attribute handling
|
2009-11-24 23:17:07 +01:00 |
Andreas Steffen
|
eba568563c
|
changed error messages in the case of faulty esp and ike strings
|
2009-11-24 16:45:52 +01:00 |
Andreas Steffen
|
2eeab939a0
|
do not send all available kernel algorithms if esp string is faulty
|
2009-11-24 16:38:10 +01:00 |
Elmar Vonlanthen
|
792876ff87
|
check if alg_info_esp exists
|
2009-11-24 16:15:12 +01:00 |
Andreas Steffen
|
cda8ec7afc
|
added some parentheses
|
2009-11-24 14:36:17 +01:00 |
Andreas Steffen
|
93e2377c7f
|
allow ECP DH groups in pfsgroup definition
|
2009-11-24 14:35:25 +01:00 |
Andreas Steffen
|
17d52fbba1
|
renewed OCSP Signing certificate
|
2009-11-24 13:55:38 +01:00 |
Andreas Steffen
|
c4570d188e
|
issue error message for expired certificates in OCSP trust chain checking
|
2009-11-24 12:37:38 +01:00 |
Andreas Steffen
|
227583ba59
|
updated IKEv2 notification messages assigned by IANA
|
2009-11-24 09:21:00 +01:00 |
Andreas Steffen
|
44e41c4c6e
|
updated NEWS for 4.3.6dr2
|
2009-11-24 09:18:41 +01:00 |
Martin Willi
|
06f02f993c
|
Do not recreate existing create_child subtask when retrying with different DH group
|
2009-11-23 13:50:01 +01:00 |
Martin Willi
|
0d1d19b99d
|
Avoid potentially unaligned half-word read
|
2009-11-23 13:49:19 +01:00 |
Eric Mertens
|
ad78bb13c8
|
Correctly set host number to zero when computing traffic selector range
|
2009-11-23 10:34:30 +01:00 |
Martin Willi
|
dd326c114f
|
Use abort() instead of raising SIGKILL, gives us proper core dumps if enabled
|
2009-11-20 14:36:24 +01:00 |
Martin Willi
|
832f283150
|
Use status_t return value for get_quintuplet() dummy implementations
|
2009-11-20 11:02:06 +01:00 |
Martin Willi
|
10bc5d96cb
|
Move comment out of register_printf_function test
|
2009-11-19 14:37:34 +01:00 |
Martin Willi
|
80b44cd71a
|
Message stringification supports more detailed EAP payload information
|
2009-11-18 10:37:46 +01:00 |
Martin Willi
|
1860bfa2ea
|
Correctly enumerate attributes to request as initiator with the actually requesting handler
|
2009-11-17 17:51:30 +01:00 |
Martin Willi
|
1427c93fcd
|
Fixed memleak in attribute handling
|
2009-11-17 15:55:45 +00:00 |
Martin Willi
|
d674c2ace0
|
attr plugin supports any custom attribute type having a v4/v6 IP under the charon.plugins.attr namespace
|
2009-11-17 15:53:57 +00:00 |
Martin Willi
|
3797b8e767
|
Support enumeration of key/value pairs in a section of strongswan.conf
|
2009-11-17 15:52:36 +00:00 |
Martin Willi
|
86813bef12
|
Whitelist register_printf_specifier in leak detective
|
2009-11-17 15:51:57 +00:00 |
Martin Willi
|
b5a2055fb1
|
Give plugins more control of which configuration attributes to request, and pass received attributes back to the requesting handler
|
2009-11-17 14:51:50 +01:00 |
Martin Willi
|
e6cf060275
|
Encrypt payloads with missing rule, fix insertion of non-encrypted payloads
|
2009-11-12 14:52:12 +00:00 |
Martin Willi
|
074444972a
|
Build libsimaka with libtool, as we require a PIC-enabled version
|
2009-11-12 13:37:07 +00:00 |